I read Tony's account of probability...and it could definitely work that
way...if the professional Swiss banking system weren't very security
conscious, and allowed the transfer of public keys over the open wire...I
would rather submit a compromise in the bank's security by bribe or pressure
from our government via some agreement...etc...where the bank simply
supplies the keys and the agents leak Tony's scenario to the news...lets
the bank off the hook and none are the wiser...and it is much easier...
It would work like this:
1. Trafficker sends message...message intercepted by agents...decrypted
using bank's private key...message read...amounts and information to bank
changed...message encrypted using the bank's public key...message sent on
to the bank, where some unsuspecting teller processes it.
2. Bank sends message, confirming the transaction...agents intercept
it...substitute messages using the trafficker's public key...and send it
along, telling the trafficker that everything is okay, or whatever they
would like to say.
3. Where did the agents get the keys...why from the bank of course...they
got the bank's private and public keys, and the trafficker's public
key...which allowed all of this to go on...remember, the bank is the only
one that has all of this information.
4. My premise for believing that there was a compromise at the bank is
supported by this...that the old Ted and Alice thing is widely known by
every security consultant in the world...heck, I've read it time and again,
and it is supplied with all copies of PGP 5.0....therefore at the time the
account was opened, I believe a public key disk would be personally
transferred between parties...thus thwarting the middle man being able to
intercede...we are talking lots of money here...say the bank gives the
trafficker their public key on disk...he uses it to give the bank his public
key...via encrypted email...now the middle man cannot substitute this kind
of arrangement, because they will never know the trafficker's public
key...it was encrypted using the bank's public key...any messages returned
to the trafficker will have to be with his verifiable key...are we to
believe the Swiss' cryptosystem is this slack...openly transferring public
keys in unprotected email. Hey, I'm just a common Joe...and I wouldn't
want this to happen...
Note: The above is only my opinion....not an espousal of great world
truth...just food for thought...the world is not a safe place for
electronic information...guard yours...use PGP...verify keys...
> > The other night in a show on the discovery channel about non-lethal
> > weapons, computer security was discussed. among other things, they
> > an attack against a drug cartel or something that was sending a pgp
> > encrypted transaction to a swiss bank through the internet. in very
> > terms they said something like the public keys were intercepted, and
> > attacker acted as a middle-man in between the traffickers and was able
> > forge the transactions (changing the $$ transferred). how could this
> > happen? did anyone see the show? where can i find out more about such
> > threats? thanks.
> I didn't see the show but I can still explain how this could happen.
> Person A sent his public key to person B and
> person B sent his public key to person A and
> then they forgot to verify that they really had each other's keys (or
> their verification simply wasn't good enough); all the cops did was to
> prevent the real keys from reaching its destination and instead sent a
> key that they had created to the bank and one to the criminal...
> The bank and the criminal never sent messages to each other because both
> of them sent messages to the cops.
> /Tony <Tony...this is an excellent explanation, and in lieu of the
compromise scenario above...probable....the Infojunkie...>
> "We only live to please those we love" -- Aphrael
> http://tls.base.org \O/ \O/ © Tony Svanstrom 1997
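
Added example, not part of the original posts: a sketch of the key check both messages turn on, where a fingerprint obtained in person (the key disk) is compared against the key that arrives over the open wire. The key bytes are constructed placeholders, SHA-256 stands in for PGP's own fingerprint format, and `Keyring`, `deliver` and `run_exchange` are hypothetical names.

```python
import hashlib
import hmac
from typing import Optional

# Constructed stand-ins for key material; real PGP keys are not parsed here.
BANK_KEY = b"constructed-bank-public-key"
MIDDLEMAN_KEY = b"constructed-substitute-public-key"


def fingerprint(public_key: bytes) -> str:
    """Digest of the key bytes, the value the two parties compare out of band."""
    return hashlib.sha256(public_key).hexdigest()


def deliver(public_key: bytes, substitute: Optional[bytes] = None) -> bytes:
    """Model the open wire: whoever sits in the middle may swap the key."""
    return substitute if substitute is not None else public_key


class Keyring:
    """Accepts a key from the wire only if it matches a pinned fingerprint."""

    def __init__(self) -> None:
        self.pinned = {}    # owner -> fingerprint learned over a trusted channel
        self.accepted = {}  # owner -> key bytes that passed verification

    def pin(self, owner: str, fp: str) -> None:
        self.pinned[owner] = fp

    def accept(self, owner: str, received_key: bytes) -> bool:
        expected = self.pinned.get(owner)
        if expected is None:
            return False  # nothing to verify against: do not trust the key
        if not hmac.compare_digest(expected, fingerprint(received_key)):
            return False  # key on the wire is not the one handed over in person
        self.accepted[owner] = received_key
        return True


def run_exchange(intercepted: bool) -> bool:
    """Customer pins the bank's fingerprint in person, then gets the key by email."""
    ring = Keyring()
    ring.pin("bank", fingerprint(BANK_KEY))
    wire_key = deliver(BANK_KEY, MIDDLEMAN_KEY if intercepted else None)
    return ring.accept("bank", wire_key)


if __name__ == "__main__":
    print("clean wire accepted:     ", run_exchange(intercepted=False))
    print("substituted key accepted:", run_exchange(intercepted=True))
```

The check only helps against substitution in transit; if the private key itself is handed over by its owner, as in the compromise scenario above, the fingerprint still matches.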